Dr. Tom Shinder’s Blog on WindowSecurity.com

Welcome to my new blog here on www.windowsecurity.com! My name is Dr. Tom Shinder and you might know me from my years over at www.isaserver.org. For the last ten years of my work life, I’ve dedicated myself to consulting and writing about Microsoft networking and security topics. During the last decade, I’ve had the opportunity to write, on my own or in collaboration with others, over 30 books on planning, installing, operating and securing Microsoft networks.

In this blog, and in the articles I’ll publish on www.windowsecurity.com, I’ll focus on Microsoft security technologies and products and how you can use those products and technologies to help secure your network and address the ever-increasing regulatory compliance issues that you’ll encounter over the coming years. I think you’ll be amazed at how Microsoft has changed from a company that paid relatively little attention to security in the past to one that has one of the most comprehensive security product and technology portfolios in the computer software industry today.

Another thing about this blog is that I’ll try to orient it toward the MS network admin who isn’t planning on becoming the security expert in his organization. This means that I’ll focus on things that you can do to defend and protect your network now. I won’t try to turn you into a hacker, and I won’t try to educate you into the hacker’s mindset. Instead, I hope to provide you with the tools, technologies and methodologies that you can use to protect yourself from the bad guys, without trying to teach you how to become one of the bad guys.

I’m looking forward to working with all of you in the years to come and hope that we’ll have some active and professional discussions on this blog. We can all learn something from each other and ideally I’ll learn more from all of you than you learn from me! Just about everything I know I’ve learned from someone else, so let’s hope that positive trend continues on this blog.

I’ve configured the blog to notify me when you post a reply and I’ll try to reply ASAP after your post.

Thanks!

Windows Server 2008 R2 Updates to Security Monitoring

“…There are a number of auditing enhancements in Windows Server® 2008 R2 and Windows® 7 that increase the level of detail in security auditing logs and simplify the deployment and management of auditing policies. These enhancements include:

  • Global Object Access Auditing. In Windows Server 2008 R2 and Windows 7, administrators can define computer-wide system access control lists (SACLs) for either the file system or registry. The specified SACL is then automatically applied to every single object of that type. This can be useful both for verifying that all critical files, folders, and registry settings on a computer are protected, and for identifying when an issue with a system resource occurs.
  • “Reason for access” reporting. This list of access control entries (ACEs) provides the privileges on which the decision to allow or deny access to the object was based. This can be useful for documenting the permissions, such as group memberships, that allow or prevent the occurrence of a particular auditable event.
  • Advanced audit policy settings. These 53 new settings can be used in place of the nine basic auditing settings under Local Policies\Audit Policy to allow administrators to more specifically target the types of activities they want to audit and eliminate the unnecessary auditing activities that can make audit logs difficult to manage and decipher…”

For more details on what’s new and improved in security auditing in Windows Server 2008 R2, check out:

http://technet.microsoft.com/en-us/library/dd56062...).aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

Rogue Security Software Still Top Threat

“…REDMOND, Wash. — Nov. 2, 2009 — Microsoft Corp. today released the seventh volume of the Microsoft Security Intelligence Report (SIRv7), which indicates that worm infections in the enterprise rose by nearly 100 percent during the first half of 2009 over the preceding six months. Rogue security software remains a major threat to customers; however, 20 percent fewer customers were affected by rogue infections during the past six months.

In addition, the Zlob family of trojans, considered a top threat two years ago, has drastically declined due to Microsoft’s work to aggressively clean customer machines and customers’ diligence in applying software updates…”

For more information about top threats seen on the network today, check out:

http://www.microsoft.com/downloads/details.aspx?Fa...ang=en

HTH,

Tom


DirectAccess Design and Deployment Guides

“This document contains both the Design Guide and the Deployment Guide for DirectAccess in Windows Server® 2008 R2. These guides help you to design and deploy DirectAccess servers, DirectAccess clients, and infrastructure servers on your intranet.

Use the Design Guide to answer the “What,” “Why,” and “When” questions a deployment design team might ask before deploying DirectAccess in a production environment.

Use the Deployment Guide to answer the “How” questions a deployment team might ask when implementing a DirectAccess design.”

These documents will get you off to a good start.

Check them out at:

http://www.microsoft.com/downloads/details.aspx?di...c7198f

HTH,

Tom


DirectAccess Demo by Kevin Remde

Before you try your hands at making DirectAccess work in your own lab, it’s a good idea to watch someone else make it work – especially in the case of DirectAccess, where there are a lot of moving parts and issues that you need to be aware of before you embark on your DirectAccess quest.

While not a detailed end to end “how to”, this webcast will show you some of the important components of the solution.

Check it out at:

http://edge.technet.com/Media/DirectAccess-Configu...-of-5/

HTH,

Tom


Direct Access and UAG video - Deep dive with a Program Manager

Ben Bernstein and Stephen Bowie tell us what the value is for Unified Access Gateway (UAG) with Direct Access (DA).

After this, we do a whiteboard of UAG + DA architecture, including explaining how it works with multiple UAG servers. Here’s how the rest of the interview breaks down:

  • How UAG supports legacy IPv4 clients (Marker 3 @ 8:02)
  • How does the client know to connect to the proper DNS server and not the one from the local ISP? (Marker 4 @ 13:17)
  • How do we know it’s securely talking to the proper DNS server? (Marker 5 @ 15:01)
  • What other components on UAG enable DA? (Marker 6 @ 16:10)
  • Additional value add for UAG with DA (Marker 7 @ 17:55)

Check out this fantastic, insightful video over at TechNet Edge:

http://edge.technet.com/Media/Direct-Access-and-UA...nin1.0

HTH,

Tom


What’s New in Windows Security Auditing

“…There are a number of auditing enhancements in Windows Server® 2008 R2 and Windows® 7 that increase the level of detail in security auditing logs and simplify the deployment and management of auditing policies. These enhancements include:

  • Global Object Access Auditing. In Windows Server 2008 R2 and Windows 7, administrators can define computer-wide system access control lists (SACLs) for either the file system or registry. The specified SACL is then automatically applied to every single object of that type. This can be useful both for verifying that all critical files, folders, and registry settings on a computer are protected, and for identifying when an issue with a system resource occurs.
  • “Reason for access” reporting. This list of access control entries (ACEs) provides the privileges on which the decision to allow or deny access to the object was based. This can be useful for documenting the permissions, such as group memberships, that allow or prevent the occurrence of a particular auditable event.
  • Advanced audit policy settings. These 53 new settings can be used in place of the nine basic auditing settings under Local Policies\Audit Policy to allow administrators to more specifically target the types of activities they want to audit and eliminate the unnecessary auditing activities that can make audit logs difficult to manage and decipher…”

For details on these new features, check out the article at:

http://technet.microsoft.com/en-us/library/dd56062...).aspx

HTH,

Tom


Planning for Hyper-V Security

“…Once you have updated the Windows Server® 2008 operating system with the Hyper-V™ technology release bits and enabled the Hyper-V role, you are ready to run virtual machines (VMs) on your server, now called a virtualization server (also called a “host”).

How does this change your security? Not much. Hyper-V is designed to be fairly transparent. You secure your VMs the same way that you secure physical machines. For example, if you run antivirus software on the physical machine, run it on the VM (not the host). If you segment the physical server to a particular network, do the same to the VM.

Securing the virtualization server itself involves all the measures you take to safeguard any Windows Server 2008 server role, plus a few extra to help secure the VMs, configuration files, and data. For more information on helping to secure Windows Server 2008 workloads, see the “Windows Server 2008 Security Guide.”

Microsoft recommends the following best practices to improve the security of your Hyper-V virtualization servers. Many of these practices apply to your other virtualization servers as well…”

Check out the rest of this article over at:

http://technet.microsoft.com/en-us/library/cc974516.aspx

HTH,

Tom


Top Five Security-Related Group Policy Settings

“…In the October edition of TechNet magazine, I answered the question, “What’s New in Group Policy for Windows 7 and Windows Server 2008 R2.”

Besides “what’s new,” people oftentimes want to know how to get “more secure” using the Group Policy infrastructure that they already use.

Let’s take a look at five policy setting areas and learn how they can deliver settings you might use to help make your world more secure…”

Check out the rest of this very useful and interesting article over at:

http://technet.microsoft.com/en-us/library/ee780891.aspx

HTH,

Tom


Microsoft Security Intelligence Report v7

“The Microsoft Security Intelligence Report (SIR) is a comprehensive and wide-ranging study of the evolving threat landscape, and addresses such topics as software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

Volume 7 of the Security Intelligence Report (SIR v7) covers the first half of 2009 (January through June). It includes data derived from more than 450 million computers worldwide, each running Windows. It also draws data from some of the busiest services on the Internet, such as Windows Live Hotmail and Bing.

The research is extensive and we encourage you to download the report…”

Check out this webcast on the report over at:

http://edge.technet.com/Media/Microsoft-Security-I...IR-v7/

HTH,

Tom


